@aithos/sdk 0.1.0-alpha.4 → 0.1.0-alpha.41

package/dist/src/data.js

@@ -0,0 +1,670 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+/**
+ * `sdk.data` — high-level API for the Aithos data sub-protocol PDS.
+ *
+ * The Aithos data sub-protocol stores operational records (contacts,
+ * messages, ...) under a subject's identity, encrypted client-side,
+ * accessible to authorized apps via signed mandates. This module is the
+ * ergonomic façade developers consume:
+ *
+ *     const client = createDataClient({ pdsUrl, did, sphereSeed });
+ *     const contacts = client.collection("contacts");
+ *     const id = await contacts.insert({ name: "Jean", phone: "+33..." });
+ *     const list = await contacts.list({ filter: { status: "lead" } });
+ *
+ * Under the hood the module handles: envelope signing per spec §11,
+ * CMK / DEK lifecycle (generate, wrap, unwrap), per-record AEAD
+ * encryption, split between indexable metadata (server-visible) and
+ * encrypted payload (server-blind), JSON-RPC dispatch.
+ *
+ * It does not (yet) handle: mandate-delegate authentication on the
+ * caller side (the SDK only signs as owner in v0.1), full schema
+ * publication (no `registerSchema` RPC yet — that lands with A2b, cf.
+ * aithos-protocol/PLAN-A2b-schema-self-registration.md), forward-secrecy
+ * CMK rotation primitives. Those land in later Sub-jalons.
+ *
+ * Apps that need to use a vendor schema (`aithos.x.<vendor>.<name>.v<N>`,
+ * or any non-`aithos.*` namespace) pass their schema definitions to
+ * `createDataClient({ schemas: [...] })`. The PDS accepts these at face
+ * value (no server-side metadata validation pending A2b); the SDK uses
+ * the supplied schema definitions to split records into indexable
+ * metadata and encrypted payload.
+ *
+ * Spec ref: spec/data/01..10 of the aithos-protocol repo.
+ */
+import { x25519 } from "@noble/curves/ed25519.js";
+import { hkdf } from "@noble/hashes/hkdf.js";
+import { sha256, sha512 } from "@noble/hashes/sha2.js";
+import { XChaCha20Poly1305 } from "@stablelib/xchacha20poly1305";
+import * as ed from "@noble/ed25519";
+import { contactsV1 } from "./data-schema-contacts-v1.js";
+import { signOwnerEnvelope } from "./internal/envelope.js";
+// noble/ed25519 v2 needs sha512 wired in for sync sign/verify
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+ed.etc.sha512Sync = (...m) => 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+sha512(ed.etc.concatBytes(...m));
+/* -------------------------------------------------------------------------- */
+/*  Schema registry (local)                                                   */
+/* -------------------------------------------------------------------------- */
+const SCHEMAS = new Map([
+    [contactsV1.schema, contactsV1],
+]);
+/* -------------------------------------------------------------------------- */
+/*  Public factory                                                            */
+/* -------------------------------------------------------------------------- */
+export function createDataClient(args) {
+    return new DataClientImpl(args);
+}
+/* -------------------------------------------------------------------------- */
+/*  Implementation                                                            */
+/* -------------------------------------------------------------------------- */
+class DataClientImpl {
+    #pdsUrl;
+    #did;
+    #seed;
+    #vm;
+    #fetch;
+    /**
+     * Per-client schema overrides, populated from `args.schemas` at
+     * construction. Looked up BEFORE the bundled SCHEMAS map (so an app
+     * can override a core schema locally if it really wants to, though
+     * the immutability rule of spec §3.5 strongly discourages this).
+     */
+    #localSchemas;
+    // Per-collection CMK cache: cleared on reset()
+    #cmkCache = new Map();
+    #colCache = new Map();
+    constructor(args) {
+        this.#pdsUrl = args.pdsUrl.replace(/\/$/, "");
+        this.#did = args.did;
+        this.#seed = args.sphereSeed;
+        this.#vm = args.verificationMethod;
+        this.#fetch = args.fetch ?? globalThis.fetch.bind(globalThis);
+        this.#localSchemas = new Map((args.schemas ?? []).map((s) => [s.schema, s]));
+    }
+    /**
+     * Resolve a schema id to its lite definition. App-supplied schemas
+     * (via `createDataClient({ schemas })`) take precedence over the
+     * SDK-bundled core registry.
+     */
+    #resolveSchema(schemaId) {
+        return this.#localSchemas.get(schemaId) ?? SCHEMAS.get(schemaId) ?? null;
+    }
+    collection(name) {
+        return new DataCollectionImpl(this, name);
+    }
+    async createCollection(args) {
+        const cmk = randomBytes32();
+        const recipientDidUrl = `${this.#did}#data-kex`;
+        const collectionUrn = this.#collectionUrn(args.name);
+        const recipientPublic = ed25519SeedToX25519PublicKey(this.#seed);
+        const wrap = this.#wrapCmkForRecipient({
+            cmk,
+            recipientPublicKey: recipientPublic,
+            recipientDidUrl,
+            collectionUrn,
+        });
+        try {
+            await this.#call("/mcp/primitives/write", "aithos.data.create_collection", {
+                subject_did: this.#did,
+                collection_name: args.name,
+                schema: args.schema,
+                ...(args.forwardSecrecy ? { forward_secrecy: args.forwardSecrecy } : {}),
+                cmk_envelope: {
+                    alg: "xchacha20poly1305-ietf",
+                    wraps: [wrap],
+                },
+            });
+            // Cache CMK in memory for subsequent ops on this collection.
+            this.#cmkCache.set(args.name, cmk);
+        }
+        finally {
+            // CMK is retained in cache, only zero the local var if we didn't cache.
+        }
+    }
+    async listCollections() {
+        const r = await this.#call("/mcp/primitives/read", "aithos.data.list_collections", {
+            subject_did: this.#did,
+        });
+        const items = r.items ?? [];
+        return items.map((c) => ({
+            name: c.name,
+            schema: c.schema,
+            record_count: c.record_count,
+        }));
+    }
+    async listGammaEntries(opts = {}) {
+        const params = { subject_did: this.#did };
+        if (opts.limit !== undefined)
+            params.limit = opts.limit;
+        if (opts.opPrefix)
+            params.op_prefix = opts.opPrefix;
+        if (opts.verify)
+            params.verify = true;
+        return this.#call("/mcp/primitives/read", "aithos.data.list_gamma_entries", params);
+    }
+    async registerSchema(schemaDoc) {
+        if (schemaDoc === null || typeof schemaDoc !== "object" || Array.isArray(schemaDoc)) {
+            throw new Error("sdk.data.registerSchema: schemaDoc must be a JSON object");
+        }
+        const r = (await this.#call("/mcp/primitives/write", "aithos.data.register_schema", {
+            subject_did: this.#did,
+            schema_doc: schemaDoc,
+        }));
+        return {
+            schemaId: r.schema_id,
+            docHash: r.doc_hash,
+            created: r.created,
+            ...(r.created_at ? { createdAt: r.created_at } : {}),
+        };
+    }
+    async getSchema(schemaId, opts = {}) {
+        const params = { schema: schemaId };
+        // Vendor schemas always need a subject_did to address the right
+        // registry ; for core schemas the PDS ignores it but we still send
+        // ours so the auth check (envelope iss === subject_did) lines up.
+        params.subject_did = opts.subjectDid ?? this.#did;
+        try {
+            const r = (await this.#call("/mcp/primitives/read", "aithos.data.get_schema", params));
+            return r.schema;
+        }
+        catch (e) {
+            if (e.code === -32070)
+                return null;
+            throw e;
+        }
+    }
+    reset() {
+        for (const k of this.#cmkCache.values())
+            k.fill(0);
+        this.#cmkCache.clear();
+        this.#colCache.clear();
+    }
+    /* -- Internals used by DataCollection -- */
+    async _ensureCollection(name) {
+        const cached = this.#colCache.get(name);
+        if (cached)
+            return cached;
+        // Fetch metadata from PDS
+        const meta = (await this.#call("/mcp/primitives/read", "aithos.data.get_collection", {
+            subject_did: this.#did,
+            collection_name: name,
+        }));
+        // Defensive structural validation — some PDS responses have been
+        // observed (alpha.27 era) returning a meta object that lacks
+        // `cmk_envelope` for missing collections, instead of the documented
+        // -32020 JSON-RPC error. Without this check, the next line crashes
+        // with "Cannot read properties of undefined (reading 'wraps')" which
+        // bypasses the upper-layer's missing-collection handling. We re-emit
+        // a clean -32020 here so callers can detect "collection not found"
+        // uniformly.
+        if (!meta ||
+            !meta.cmk_envelope ||
+            !Array.isArray(meta.cmk_envelope.wraps) ||
+            !meta.urn ||
+            !meta.schema) {
+            const err = new Error(`sdk.data: collection "${name}" not found or malformed ` +
+                `(meta missing required field). PDS returned: ${JSON.stringify(meta).slice(0, 200)}`);
+            err.code = -32020;
+            throw err;
+        }
+        // Look up our wrap and unwrap the CMK
+        const ourRecipient = `${this.#did}#data-kex`;
+        const wrap = meta.cmk_envelope.wraps.find((w) => w.recipient === ourRecipient);
+        if (!wrap) {
+            throw new Error(`sdk.data: no CMK wrap for ${ourRecipient} in collection ${name}. The collection was either created with a different recipient, or this client is not the owner.`);
+        }
+        const cmk = this.#unwrapCmk({
+            wrap,
+            collectionUrn: meta.urn,
+            privateKey: ed25519SeedToX25519PrivateKey(this.#seed),
+        });
+        this.#cmkCache.set(name, cmk);
+        const schema = this.#resolveSchema(meta.schema);
+        if (!schema) {
+            throw new Error(`sdk.data: schema "${meta.schema}" not known to the SDK. ` +
+                `Pass it via createDataClient({ schemas: [...] }) if it's an ` +
+                `app-defined (vendor) schema, or upgrade the SDK if it's a core ` +
+                `schema added in a later release.`);
+        }
+        const state = { name, urn: meta.urn, schema };
+        this.#colCache.set(name, state);
+        return state;
+    }
+    async _insert(state, record) {
+        const cmk = this.#cmkCache.get(state.name);
+        if (!cmk)
+            throw new Error("CMK not loaded");
+        const { metadata, payload } = splitRecord(record, state.schema);
+        const recordId = `record_${makeUlid()}`;
+        const encrypted = this.#encryptPayload({
+            collectionName: state.name,
+            recordId,
+            payload,
+            cmk,
+        });
+        const r = (await this.#call("/mcp/primitives/write", "aithos.data.insert_record", {
+            collection_urn: state.urn,
+            record_id: recordId,
+            metadata,
+            payload: encrypted,
+        }));
+        return r.record_id;
+    }
+    async _get(state, recordId) {
+        let raw;
+        try {
+            raw = await this.#call("/mcp/primitives/read", "aithos.data.get_record", {
+                collection_urn: state.urn,
+                record_id: recordId,
+            });
+        }
+        catch (e) {
+            if (e.code === -32020)
+                return null;
+            throw e;
+        }
+        return this.#decryptRecord(state, raw);
+    }
+    async _list(state, opts = {}) {
+        const params = {
+            collection_urn: state.urn,
+        };
+        if (opts.filter)
+            params.filter = opts.filter;
+        if (opts.order)
+            params.order = opts.order;
+        if (opts.limit !== undefined)
+            params.limit = opts.limit;
+        if (opts.cursor)
+            params.cursor = opts.cursor;
+        const r = (await this.#call("/mcp/primitives/read", "aithos.data.list_records", params));
+        const items = r.items.map((it) => this.#decryptRecord(state, it));
+        return {
+            items,
+            ...(r.next_cursor ? { nextCursor: r.next_cursor } : {}),
+        };
+    }
+    async _update(state, recordId, record) {
+        const cmk = this.#cmkCache.get(state.name);
+        if (!cmk)
+            throw new Error("CMK not loaded");
+        const { metadata, payload } = splitRecord(record, state.schema);
+        const encrypted = this.#encryptPayload({
+            collectionName: state.name,
+            recordId,
+            payload,
+            cmk,
+        });
+        await this.#call("/mcp/primitives/write", "aithos.data.update_record", {
+            collection_urn: state.urn,
+            record_id: recordId,
+            metadata,
+            payload: encrypted,
+        });
+    }
+    async _delete(state, recordId) {
+        await this.#call("/mcp/primitives/write", "aithos.data.delete_record", {
+            collection_urn: state.urn,
+            record_id: recordId,
+        });
+    }
+    /* -- JSON-RPC dispatch -- */
+    async #call(path, method, params) {
+        const aud = `${this.#pdsUrl}${path}`;
+        const envelope = await signOwnerEnvelope({
+            iss: this.#did,
+            aud,
+            method,
+            params,
+            verificationMethod: this.#vm,
+            signer: { sign: async (msg) => ed.sign(msg, this.#seed) },
+        });
+        const body = {
+            jsonrpc: "2.0",
+            id: makeUlid(),
+            method,
+            params: { ...params, _envelope: envelope },
+        };
+        const r = await this.#fetch(aud, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify(body),
+        });
+        const json = (await r.json());
+        if (json.error) {
+            const err = new Error(json.error.message);
+            err.code = json.error.code;
+            err.data = json.error.data;
+            throw err;
+        }
+        return json.result ?? {};
+    }
+    /* -- Crypto helpers -- */
+    #collectionUrn(name) {
+        return `urn:aithos:collection:${this.#did}:${name}`;
+    }
+    #wrapCmkForRecipient(args) {
+        const ephSk = x25519.utils.randomSecretKey();
+        const ephPk = x25519.getPublicKey(ephSk);
+        const shared = x25519.getSharedSecret(ephSk, args.recipientPublicKey);
+        const wrapKey = hkdf(sha256, shared, utf8("aithos-data-cmk-wrap-v1"), utf8(args.recipientDidUrl), 32);
+        const wrapNonce = randomBytes24();
+        const aad = aadCmkWrap(args.collectionUrn, args.recipientDidUrl);
+        const aead = new XChaCha20Poly1305(wrapKey);
+        const wrapped = aead.seal(wrapNonce, args.cmk, aad);
+        wrapKey.fill(0);
+        shared.fill(0);
+        return {
+            recipient: args.recipientDidUrl,
+            alg: "x25519-hkdf-sha256-aead",
+            ephemeral_public: base64Std(ephPk),
+            wrap_nonce: base64Std(wrapNonce),
+            wrapped_key: base64Std(wrapped),
+        };
+    }
+    #unwrapCmk(args) {
+        const ephPk = fromBase64(args.wrap.ephemeral_public);
+        const wrapNonce = fromBase64(args.wrap.wrap_nonce);
+        const wrappedKey = fromBase64(args.wrap.wrapped_key);
+        const shared = x25519.getSharedSecret(args.privateKey, ephPk);
+        const wrapKey = hkdf(sha256, shared, utf8("aithos-data-cmk-wrap-v1"), utf8(args.wrap.recipient), 32);
+        const aad = aadCmkWrap(args.collectionUrn, args.wrap.recipient);
+        const aead = new XChaCha20Poly1305(wrapKey);
+        const cmk = aead.open(wrapNonce, wrappedKey, aad);
+        wrapKey.fill(0);
+        shared.fill(0);
+        if (!cmk)
+            throw new Error("sdk.data: CMK unwrap failed (wrong key or AAD mismatch)");
+        return cmk;
+    }
+    #encryptPayload(args) {
+        const dek = randomBytes32();
+        try {
+            const plaintext = new TextEncoder().encode(jcsCanonicalize(args.payload));
+            const nonce = randomBytes24();
+            const aad = aadRecord(this.#did, args.collectionName, args.recordId);
+            const aead = new XChaCha20Poly1305(dek);
+            const ciphertext = aead.seal(nonce, plaintext, aad);
+            const dekWrapNonce = randomBytes24();
+            const dekAad = aadDekWrap(this.#did, args.collectionName, args.recordId);
+            const dekAead = new XChaCha20Poly1305(args.cmk);
+            const wrapped = dekAead.seal(dekWrapNonce, dek, dekAad);
+            const dekWrap = new Uint8Array(dekWrapNonce.length + wrapped.length);
+            dekWrap.set(dekWrapNonce, 0);
+            dekWrap.set(wrapped, dekWrapNonce.length);
+            return {
+                alg: "xchacha20poly1305-ietf",
+                nonce: base64Std(nonce),
+                ciphertext: base64Std(ciphertext),
+                dek_wrapped_for_cmk: base64Std(dekWrap),
+            };
+        }
+        finally {
+            dek.fill(0);
+        }
+    }
+    #decryptRecord(state, raw) {
+        if (raw.deleted) {
+            // Soft-deleted record — payload was cleared.
+            return { ...raw.metadata, _deleted: true };
+        }
+        const cmk = this.#cmkCache.get(state.name);
+        if (!cmk) {
+            throw new Error("sdk.data: CMK not loaded — call ensureCollection first");
+        }
+        // Unwrap DEK
+        const wrapBuf = fromBase64(raw.payload.dek_wrapped_for_cmk);
+        const wrapNonce = wrapBuf.slice(0, 24);
+        const wrapped = wrapBuf.slice(24);
+        const dekAad = aadDekWrap(this.#did, state.name, raw.record_id);
+        const dekAead = new XChaCha20Poly1305(cmk);
+        const dek = dekAead.open(wrapNonce, wrapped, dekAad);
+        if (!dek)
+            throw new Error("sdk.data: DEK unwrap failed");
+        try {
+            const nonce = fromBase64(raw.payload.nonce);
+            const ciphertext = fromBase64(raw.payload.ciphertext);
+            const aad = aadRecord(this.#did, state.name, raw.record_id);
+            const aead = new XChaCha20Poly1305(dek);
+            const plaintext = aead.open(nonce, ciphertext, aad);
+            if (!plaintext)
+                throw new Error("sdk.data: payload decrypt failed");
+            const payload = JSON.parse(new TextDecoder().decode(plaintext));
+            return { record_id: raw.record_id, ...raw.metadata, ...payload };
+        }
+        finally {
+            dek.fill(0);
+        }
+    }
+}
+class DataCollectionImpl {
+    client;
+    name;
+    constructor(client, name) {
+        this.client = client;
+        this.name = name;
+    }
+    async insert(record) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._insert(state, record);
+    }
+    async get(recordId) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._get(state, recordId);
+    }
+    async list(opts) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._list(state, opts);
+    }
+    async update(recordId, record) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._update(state, recordId, record);
+    }
+    async delete(recordId) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._delete(state, recordId);
+    }
+}
+/* -------------------------------------------------------------------------- */
+/*  Record split (metadata vs payload)                                        */
+/* -------------------------------------------------------------------------- */
+function splitRecord(record, schema) {
+    const metadata = {};
+    const payload = {};
+    for (const [k, v] of Object.entries(record)) {
+        if (schema.auto.has(k))
+            continue; // server-set
+        if (schema.indexable.has(k)) {
+            metadata[k] = v;
+        }
+        else if (schema.encrypted.has(k)) {
+            payload[k] = v;
+        }
+        else {
+            // Unknown field — drop. Server will reject in any case (additionalProperties: false).
+        }
+    }
+    return { metadata, payload };
+}
+/* -------------------------------------------------------------------------- */
+/*  Crypto helpers                                                            */
+/* -------------------------------------------------------------------------- */
+function randomBytes32() {
+    return cryptoRandom(32);
+}
+function randomBytes24() {
+    return cryptoRandom(24);
+}
+/** Cross-platform CSPRNG: Web Crypto in browser, Node WebCrypto in Node 19+. */
+function cryptoRandom(n) {
+    const buf = new Uint8Array(n);
+    // globalThis.crypto exists in browsers and in Node 19+
+    globalThis.crypto?.getRandomValues(buf);
+    return buf;
+}
+function utf8(s) {
+    return new TextEncoder().encode(s);
+}
+function aadCmkWrap(collectionUrn, recipient) {
+    const p = utf8("aithos-data-cmk-v1\0");
+    const c = utf8(collectionUrn);
+    const sep = new Uint8Array([0]);
+    const r = utf8(recipient);
+    const out = new Uint8Array(p.length + c.length + sep.length + r.length);
+    let off = 0;
+    out.set(p, off);
+    off += p.length;
+    out.set(c, off);
+    off += c.length;
+    out.set(sep, off);
+    off += sep.length;
+    out.set(r, off);
+    return out;
+}
+function aadDekWrap(subjectDid, collectionName, recordId) {
+    const p = utf8("aithos-data-dek-v1\0");
+    return concat3WithSeps(p, subjectDid, collectionName, recordId);
+}
+function aadRecord(subjectDid, collectionName, recordId) {
+    const p = utf8("aithos-data-record-v1\0");
+    return concat3WithSeps(p, subjectDid, collectionName, recordId);
+}
+function concat3WithSeps(prefix, a, b, c) {
+    const aa = utf8(a);
+    const bb = utf8(b);
+    const cc = utf8(c);
+    const sep = new Uint8Array([0]);
+    const total = prefix.length + aa.length + sep.length + bb.length + sep.length + cc.length;
+    const out = new Uint8Array(total);
+    let off = 0;
+    out.set(prefix, off);
+    off += prefix.length;
+    out.set(aa, off);
+    off += aa.length;
+    out.set(sep, off);
+    off += sep.length;
+    out.set(bb, off);
+    off += bb.length;
+    out.set(sep, off);
+    off += sep.length;
+    out.set(cc, off);
+    return out;
+}
+/**
+ * Derive a 32-byte X25519 private key from an Ed25519 seed via SHA-512
+ * truncation + clamping. Mirrors libsodium's
+ * crypto_sign_ed25519_sk_to_curve25519 for the secret-key side. Used so
+ * a single Ed25519 sphere seed can both sign envelopes and key-agree
+ * with mandate recipients.
+ */
+function ed25519SeedToX25519PrivateKey(seed) {
+    if (seed.length !== 32)
+        throw new Error("Ed25519 seed must be 32 bytes");
+    const h = sha512(seed);
+    const sk = new Uint8Array(h.slice(0, 32));
+    // Clamp per X25519 spec
+    sk[0] = sk[0] & 248;
+    sk[31] = sk[31] & 127;
+    sk[31] = sk[31] | 64;
+    return sk;
+}
+function ed25519SeedToX25519PublicKey(seed) {
+    const sk = ed25519SeedToX25519PrivateKey(seed);
+    try {
+        return x25519.getPublicKey(sk);
+    }
+    finally {
+        sk.fill(0);
+    }
+}
+function makeUlid() {
+    // Lightweight ULID — millisecond timestamp + 80 bits of randomness.
+    // Crockford base32. For tests this is sufficient; production uses
+    // the canonical ulid package.
+    const tsBuf = new Uint8Array(6);
+    let ts = Date.now();
+    for (let i = 5; i >= 0; i--) {
+        tsBuf[i] = ts & 0xff;
+        ts = Math.floor(ts / 256);
+    }
+    const rndBuf = cryptoRandom(10);
+    const all = new Uint8Array(16);
+    all.set(tsBuf, 0);
+    all.set(rndBuf, 6);
+    const alphabet = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+    let bits = 0;
+    let value = 0;
+    let out = "";
+    for (const b of all) {
+        value = (value << 8) | b;
+        bits += 8;
+        while (bits >= 5) {
+            out += alphabet[(value >> (bits - 5)) & 0x1f];
+            bits -= 5;
+        }
+    }
+    if (bits > 0)
+        out += alphabet[(value << (5 - bits)) & 0x1f];
+    return out.slice(0, 26);
+}
+/** Standard base64 (with `=` padding). Browser + Node compatible. */
+function base64Std(bytes) {
+    let bin = "";
+    for (let i = 0; i < bytes.length; i++)
+        bin += String.fromCharCode(bytes[i]);
+    return btoa(bin);
+}
+/** base64url (URL-safe, no padding). */
+function base64url(bytes) {
+    return base64Std(bytes).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function fromBase64(s) {
+    // Accept either standard base64 or base64url
+    const std = s.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = std + "=".repeat((4 - (std.length % 4)) % 4);
+    const bin = atob(padded);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+function sha256Hex(s) {
+    const d = sha256(new TextEncoder().encode(s));
+    let hex = "";
+    for (const b of d)
+        hex += b.toString(16).padStart(2, "0");
+    return hex;
+}
+/* -------------------------------------------------------------------------- */
+/*  JCS-style canonicalization (RFC 8785 subset)                              */
+/* -------------------------------------------------------------------------- */
+function jcsCanonicalize(value) {
+    if (value === null)
+        return "null";
+    if (value === undefined)
+        throw new Error("Cannot canonicalize undefined");
+    if (typeof value === "boolean")
+        return value ? "true" : "false";
+    if (typeof value === "number") {
+        if (!Number.isFinite(value))
+            throw new Error("non-finite number");
+        return value.toString();
+    }
+    if (typeof value === "string")
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return "[" + value.map(jcsCanonicalize).join(",") + "]";
+    }
+    if (typeof value === "object") {
+        const obj = value;
+        const keys = Object.keys(obj).sort();
+        return ("{" +
+            keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalize(obj[k])).join(",") +
+            "}");
+    }
+    throw new Error(`Cannot canonicalize ${typeof value}`);
+}
+//# sourceMappingURL=data.js.map

package/dist/src/endpoints.d.ts

@@ -10,11 +10,20 @@ export interface AithosSdkEndpoints {
      * suffixes a fixed path to it.
      */
     readonly wallet: string;
+    /**
+     * Web extractor proxy base URL — `aithos.web_extract`. Default
+     * `https://extract.aithos.be`. Same JSON-RPC + signed-envelope shape
+     * as the compute proxy, distinct audience so a mandate can hold one
+     * scope without the other.
+     */
+    readonly web: string;
 }
 /** Production defaults. */
 export declare const DEFAULT_SDK_ENDPOINTS: AithosSdkEndpoints;
 /** Compose the full compute-invoke URL: `${compute}/v1/invoke`. */
 export declare function computeInvokeUrl(endpoints: AithosSdkEndpoints): string;
+/** Compose the full web-extract URL: `${web}/v1/invoke`. */
+export declare function webInvokeUrl(endpoints: AithosSdkEndpoints): string;
 /** Compose the full top-up-checkout URL: `${wallet}/v1/wallet/topup/checkout`. */
 export declare function walletTopupCheckoutUrl(endpoints: AithosSdkEndpoints): string;
 /**